Mozilla Foundation Security Advisory 2005-19

Autocomplete data leak

Announced

February 24, 2005

Reporter

Matt Brubeck

Risk

Moderate

Impact

Moderate

Products

Firefox

Fixed in

Firefox 1.0.1

Description

As users downarrow through autocomplete choices each is copied in turn into the input control. A malicious site could create a page that autocompletes some common data (such as phone number or SSN) and potentially convince a user to arrow through the values. Script on the page could watch the values as they are added and copy them into a hidden field for submission to the site.

Workaround

Turn off the Form Fill feature.

References

https://bugzilla.mozilla.org/show_bug.cgi?id=270697

Firefox for Desktop

Firefox for iOS

Firefox for Android

Firefox Focus

Firefox blog

Mozilla VPN

Mozilla Monitor

Firefox Relay

Pocket

MDN Plus

Fakespot

Thunderbird

About Mozilla

The Mozilla Manifesto

Get Involved

Innovation Projects

Blog

Mozilla Foundation

Mozilla.ai

Mozilla Ventures

Mozilla Advertising